Security researcher and engineer focused on web vulnerability research, browser-side investigations, malware analysis, and practical automation.
Auto-refreshed daily via GitHub Actions. Last refresh: 2026-04-20 08:26 UTC
| Current role | Independent research | Current study |
|---|---|---|
| Red Team Researcher at Synack | Since December 2020 | MSc at University of Tuscia (UNITUS), Italy |
Status note: All assigned 2026 CVE IDs are currently covered in a single public reference gist and can move into the public CVE section once broader publication catches up.
- Web vulnerability research with clear reproduction steps, impact framing, and remediation notes
- Browser-extension analysis, request/response inspection, and exploit-path validation
- Router, Wi-Fi, and firmware security work
- Python and JavaScript tooling to speed up testing, validation, and reporting
- Write-ups and investigations that preserve technical detail without turning into noise
- CVE-2021-35036: Zyxel super-admin password leak affecting multiple router models
- CVE-2021-21735: ZTE H168N authentication bypass
Assigned by MITRE in March 2026. Public reference gist is available.
All three currently share a single reference gist.
- CVE-2026-34472: ZXHN H188A V6.0 unauthenticated credential disclosure via the web wizard, leading to admin, WLAN, and PPPoE credential exposure and auth bypass
- CVE-2026-34473: ZXHN H-series multiple models unauthenticated denial of service via oversized `application/x-www-form-urlencoded` POST bodies against the management interface
- CVE-2026-34474: ZXHN H298A and H108N sensitive data exposure through the web interface, leading to admin and WLAN credential disclosure
- Account takeover on OLX Middle East via password-reset logic abuse
- Race condition in Medium's voting flow that enabled count manipulation
- ShotBird analysis in March 2026: ownership-transfer to browser-based C2 chain, credential and form-data capture, and follow-on Windows credential targeting
- Hack The Box work focused on systematic enumeration, common web vulnerabilities, and Linux privilege escalation
| Project | Why it matters |
|---|---|
| Youtube-Downloader-Bookmarklet | Strongest public repo by stars; a JavaScript bookmarklet with real usage traction. |
| huawei-dg8045-hg630-hg633-Config-file-decryption-and-password-decode | Router-focused work that matches the security and firmware side of the profile. |
| burpsuite-custom-extension | Current Python Burp extension work for response modification and testing workflows. |
| BookMarkletsWiki | Practical browser tooling collected into one place. |
| Ubicast-Video-Downloader | Small targeted JavaScript tooling with a clear one-click use case. |
| WIFI-Location-Locator-GUI | Public Wi-Fi utility work that aligns with the network side of the profile. |
| Gist | Why it matters |
|---|---|
| ZTE ZXHN router vulnerabilities | Public reference write-up for the assigned 2026 ZTE/ZXHN CVE IDs. |
| Export Chrome extensions inventory | Practical PowerShell inventory/export tooling for browser-extension analysis and auditing. |
| Milanote Board to Markdown | Useful browser automation work that turns visual boards into markdown output. |
| Reddit post exporter | Tampermonkey-based structured export tooling with a clear LLM/data-prep use case. |
- Red Team Researcher, Synack, Inc. | Remote | June 2025 to present
- Independent Security Researcher | Bug bounty and crowdsourced platforms | December 2020 to present
- MSc, University of Tuscia (UNITUS), Italy | 2025 to expected July 2027
- BSc Computer Science, Thebes Academy, Cairo | October 2021 to May 2025



